Skip to Main Content Back to Top Let's Talk
Home Blog Texas Data Privacy and Security Act (TDPSA) Overview

Texas Data Privacy and Security Act (TDPSA) Overview

Two lawyers are discussing about contract paper, law matters determination, and hammer on the table in office
Higginbotham H logo

The Texas Data Privacy and Security Act (TDPSA), set to take effect on July 1, 2024, introduces a broad scope of regulations impacting nearly all consumer-facing companies operating within Texas. This pivotal legislation is in alignment with global data protection standards, offering a framework for data management and consumer rights. Understanding the impact and scope of the TDPSA can seem daunting, but Higginbotham is here to help you understand some of the key aspects of this act.

Who does the TDPSA apply to?

The TDPSA affects for-profit entities located in Texas or serving Texas residents, with minimal exceptions. With this, it broadens the scope beyond thresholds of data processing or revenue from data sales seen in other states.

Definitions and Terminology

The TDPSA aligns its terminology with that used in many other state privacy laws and the EU’s General Data Protection Regulation (GDPR), helping to enhance clarity and understanding. Key terms include Controller, Processor and Process, each defined to help demarcate roles within data management.

TDPSA Privacy Notice Requirements

Controllers must issue a clear and accessible privacy notice that details:

  • Types of personal data processed, including sensitive data
  • Purposes for data processing
  • Consumer rights exercise procedures
  • Data sharing disclosures

Close-up photo of African American male hands typing on a laptop keyboard

Consumer Rights and Special Provisions

The TDPSA affords consumers rights akin to those in other state laws, such as accessing, correcting or deleting their personal data and requesting their data in a portable format. Some unique rights include:

  • Opt-in for sensitive data processing
  • Opt-out of data sales, targeted advertising and profiling
  • Appeal process for denied requests

Special provisions include guidelines on the handling of deidentified data, sensitive data notices and biometric data sales.

Contracts and Enforcement

The TDPSA requires contracts between processors and controllers outlining duties, data security assistance and compliance documentation. In terms of enforcement, under the TDPSA, this responsibility lies with the Texas Attorney General, with civil penalties for violations and no private right of action.

The Importance of TDPSA Compliance

For businesses and consumers alike, understanding and preparing for the TDPSA is crucial. This overview touches on key elements of the TDPSA, but if you’d like to gain more insights into the act and its impact on compliance and strategic data management, you can view a more in-depth summary here.

If you’re seeking assistance with cyber insurance or risk management strategies, whether related to the TDPSA or not, our team can offer guidance and support tailored to your business needs. Learn more about TDPSA regulations and compliance in Higginbotham’s TDSPA whitepaper and, if you need further guidance, talk to one of our cyber insurance specialists.

Not sure where to start? Talk to someone who wants to listen.

A great plan starts with a conversation. Let’s talk about what you need.

Let’s Talk

Request a Quote

Woman looking sideways to window in design office
Higginbotham H logo